Static routing table does not match across cluster members-f5-all


Vendor: f5

OS: all

Description:
Indeni will identify when two devices are part of a cluster and alert if their static routing tables are different.

Remediation Steps:
Ensure the static routing table matches across devices in a cluster.

How does this work?
This alert uses the F5 iControl REST API to extract the configured routes for the device.

Why is this important?
All members of a cluster should have the same routing configured. Otherwise, there can be downtime in the event of a failover.

Without Indeni how would you find this?
An administrator could log into the device, enter TMSH and run the command “show net route”. The routing information is also available via the web interface in “Network” -> “Routes”.

f5-rest-net-interface-route

name: f5-rest-net-interface-route
description: Extract configured static routes, and count them to match against routes-limit
type: monitoring
monitoring_interval: 30 minutes
requires:
    vendor: f5
    product: load-balancer
    rest-api: 'true'
comments:
    static-routing-table:
        why: |
            It is important that the routing is configured the same for all cluster members of the same cluster. Otherwise there can be downtime in the event of a failover.
        how: |
            This alert uses the F5 iControl REST API to extract the configured routes for the device.
        without-indeni: |
            An administrator could log into the device, enter TMSH and run the command "show net route". The routing information is also available via the web interface in "Network" -> "Routes".
        can-with-snmp: true
        can-with-syslog: false
    routes-usage:
        why: |
            If a maximum number of route entries has been configured and the limit is reached, no more route entries can be added to the system. This alert tracks the number of added routes and warns if the limit is about to be reached or has been reached.
        how: |
            This alert logs into the F5 unit via iControl REST and retrieves the configured routes.
        without-indeni: |
            An administrator could log into the device, enter TMSH and run the command "show net route" and count the routes manually. The routing information is also available via the web interface in "Network" -> "Routes".
        can-with-snmp: true
        can-with-syslog: false
steps:
-   run:
        type: HTTP
        command: /mgmt/tm/net/route?$select=network,gw
    parse:
        type: JSON
        file: rest-mgmt-tm-net-route.parser.1.json.yaml
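
The comparison this alert performs can also be reproduced by hand from the JSON returned by the "/mgmt/tm/net/route?$select=network,gw" request on each cluster member. The following is an added example, not Indeni's rule or parser code; the response bodies, addresses and function names are constructed for illustration.

```python
import json

# Constructed sample bodies for GET /mgmt/tm/net/route?$select=network,gw,
# one per cluster member (addresses are documentation-range placeholders).
MEMBER_A = json.loads("""{"items": [
  {"network": "default", "gw": "192.0.2.1"},
  {"network": "10.20.0.0/16", "gw": "192.0.2.254"},
  {"network": "10.30.0.0/16", "gw": "192.0.2.254"},
  {"network": "172.16.5.0/24"}
]}""")
MEMBER_B = json.loads("""{"items": [
  {"network": "default", "gw": "192.0.2.1"},
  {"network": "10.20.0.0/16", "gw": "192.0.2.253"},
  {"network": "172.16.5.0/24"}
]}""")


def route_table(body):
    """Map network -> gateway; a route returned without "gw" maps to None."""
    table = {}
    for item in body.get("items", []):  # tolerate a body with no "items" key
        table[item["network"]] = item.get("gw")
    return table


def compare_members(body_a, body_b):
    """Return the differences between two members' static routing tables."""
    a, b = route_table(body_a), route_table(body_b)
    shared = sorted(a.keys() & b.keys())
    return {
        "only_on_a": sorted(a.keys() - b.keys()),
        "only_on_b": sorted(b.keys() - a.keys()),
        "gw_differs": {n: (a[n], b[n]) for n in shared if a[n] != b[n]},
    }


def in_sync(diff):
    """True when neither member has a route the other lacks or routes differently."""
    return not any(diff.values())


if __name__ == "__main__":
    diff = compare_members(MEMBER_A, MEMBER_B)
    print("in sync" if in_sync(diff) else "MISMATCH", diff)
```

A route that exists on both members but points at a different gateway is reported separately from a missing route, since both break traffic after a failover but are remediated differently.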

static_routing_table_comparison_non_vsx

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.common.data.conditions.{Equals => DataEquals}
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SnapshotComparisonTemplateRule
import com.indeni.server.rules.RemediationStepCondition

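/**
  * Compares the "static-routing-table" snapshot metric between the members of a cluster
  * and alerts when the tables differ. Devices tagged vsx = "true" are excluded by metaCondition.
  */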
case class static_routing_table_comparison_non_vsx() extends SnapshotComparisonTemplateRule(
  ruleName = "static_routing_table_comparison_non_vsx",
  ruleFriendlyName = "Clustered Devices (Non-VS): Static routing table does not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if their static routing tables are different.",
  metricName = "static-routing-table",
  isArray = true,
  metaCondition = !DataEquals("vsx", "true"),
  baseRemediationText = "Ensure the static routing table matches across devices in a cluster.",
  alertDescription = "Devices that are part of a cluster must have the same static routing tables. Review the differences below.\n\nThis alert was added per the request of <a target=\"_blank\" href=\"http://il.linkedin.com/pub/itzik-assaraf/2/870/1b5\">Itzik Assaraf</a> (Leumi Card)."
  )(
  RemediationStepCondition.VENDOR_CP -> "Use the \"show configuration\" command in clish to compare the calls to \"set static-route\".",
  RemediationStepCondition.VENDOR_CISCO ->
    """|
      |1. Execute the "show ip route static" command to display the current contents of the static routes installed to the routing table.
      |2. Compare the static route config between the peer switches with the show run | i "ip route" command
      |NOTE: The static routes configured between the peer switches may be different in case of orphan devices without need of redundancy between the vPC peer switches
      |3. For more information please review the next Cisco configuration guide:
      |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_cli_nxos/l3_route.html
    """.stripMargin
) {
  override def deviceCondition(context: RuleContext) =
    generateDevicePassiveAndPassiveLinkStateCondition(context.tsDao)
}